Re: [squid-users] problem fetching one specific website -> doesn't get added to cache

On Tue, 25 Oct 2005 tomvo@absi.be wrote:

> 12:15:41.144177 paulus.vera.be.158.110.193.in-addr.arpa.34508 >
> cust143-123.dsl.versadsl.be.http: S [tcp sum ok] 2435788026:2435788026(0)
> win 5440 <mss 1360,sackOK,timestamp 55585852 0,nop,wscale 0> (DF) (ttl 64,
> id 198, len 60)

> 12:15:41.160365 cust143-123.dsl.versadsl.be.http >
> paulus.vera.be.158.110.193.in-addr.arpa.34508: S [tcp sum ok]
> 3638739633:3638739633(0) ack 2435788027 win 17184 <mss 1432,nop,wscale
> 0,nop,nop,timestamp 0 0,nop,nop,sackOK> (DF) (ttl 116, id 35134, len 64)

> 12:15:41.160410 paulus.vera.be.158.110.193.in-addr.arpa.34508 >
> cust143-123.dsl.versadsl.be.http: . [tcp sum ok] 1:1(0) ack 1 win 5440
> <nop,nop,timestamp 55585854 0> (DF) (ttl 64, id 199, len 52)

SYN->SYN+ACK->ACK handshake OK.

> 12:15:41.162019 paulus.vera.be.158.110.193.in-addr.arpa.34508 >
> cust143-123.dsl.versadsl.be.http: P 1:217(216) ack 1 win 5440
> <nop,nop,timestamp 55585854 0> (DF) (ttl 64, id 200, len 268)

Request sent.

> 12:15:41.265355 cust143-123.dsl.versadsl.be.http >
> paulus.vera.be.158.110.193.in-addr.arpa.34508: P 1:157(156) ack 217 win
> 16968 <nop,nop,timestamp 144916 55585854> (DF) (ttl 116, id 35135, len
> 208)

And acked, including the first 156 (1-157) of response..

> 12:15:41.265387 paulus.vera.be.158.110.193.in-addr.arpa.34508 >
> cust143-123.dsl.versadsl.be.http: . [tcp sum ok] 217:217(0) ack 157 win
> 5440 <nop,nop,timestamp 55585864 144916> (DF) (ttl 64, id 201, len 52)

The first 157 of the response is acked.

> 12:15:41.304118 cust143-123.dsl.versadsl.be.http >
> paulus.vera.be.158.110.193.in-addr.arpa.34508: P 1577:2153(576) ack 217
> win 16968 <nop,nop,timestamp 144916 55585854> (DF) (ttl 116, id 35137, len
> 628)

then suddenly bytes 1577-2153 of the response arrives. Where it 157-1577?

> 12:15:41.304152 paulus.vera.be.158.110.193.in-addr.arpa.34508 >
> cust143-123.dsl.versadsl.be.http: . [tcp sum ok] 217:217(0) ack 157 win
> 5440 <nop,nop,timestamp 55585868 144916,nop,nop,sack sack 1 {1577:2153} >
> (DF) (ttl 64, id 202, len 64)

Your linux asks the same thing... where is those missing pieces???

> 12:15:53.841199 cust143-123.dsl.versadsl.be.http >
> paulus.vera.be.158.110.193.in-addr.arpa.34508: . [tcp sum ok]
> 1577:1589(12) ack 217 win 16968 <nop,nop,timestamp 145043 55585868> (DF)
> (ttl 116, id 35169, len 64)

Now it gets even wierder.. now suddenly 1577:1589 arrives, which is a
repetition of a small piece of the above packet..

> 12:15:53.841221 paulus.vera.be.158.110.193.in-addr.arpa.34508 >
> cust143-123.dsl.versadsl.be.http: . [tcp sum ok] 217:217(0) ack 157 win
> 5440 <nop,nop,timestamp 55587122 144916,nop,nop,sack sack 2
> {1577:1589}{1577:2153} > (DF) (ttl 64, id 203, len 72)

and 157:1577 is still missing..

> 12:16:08.928582 cust143-123.dsl.versadsl.be.http >
> paulus.vera.be.158.110.193.in-addr.arpa.34508: . [tcp sum ok]
> 1577:1589(12) ack 217 win 16968 <nop,nop,timestamp 145194 55587122> (DF)
> (ttl 116, id 35237, len 64)

and it repeats...

> 12:16:08.928628 paulus.vera.be.158.110.193.in-addr.arpa.34508 >
> cust143-123.dsl.versadsl.be.http: . [tcp sum ok] 217:217(0) ack 157 win
> 5440 <nop,nop,timestamp 55588630 144916,nop,nop,sack sack 2
> {1577:1589}{1577:2153} > (DF) (ttl 64, id 204, len 72)

> 12:16:13.957510 cust143-123.dsl.versadsl.be.http >
> paulus.vera.be.158.110.193.in-addr.arpa.34508: . [tcp sum ok]
> 3009:3021(12) ack 217 win 16968 <nop,nop,timestamp 145244 55588630> (DF)
> (ttl 116, id 35281, len 64)

Now 3009:3021 arrived.. still no sign of 157:1577, and now also 1589:3009
is missing..

> 12:16:13.957554 paulus.vera.be.158.110.193.in-addr.arpa.34508 >
> cust143-123.dsl.versadsl.be.http: . [tcp sum ok] 217:217(0) ack 157 win
> 5440 <nop,nop,timestamp 55589133 144916,nop,nop,sack sack 2
> {3009:3021}{1577:2153} > (DF) (ttl 64, id 205, len 72)

and your linux correcly says it has only got small fragments of the data
so far with lots of pieces missing. The above says I have got up to 157,
and 3009-3021 and 1577-2153. The rest is missing.

> 12:16:18.986690 cust143-123.dsl.versadsl.be.http >
> paulus.vera.be.158.110.193.in-addr.arpa.34508: . [tcp sum ok]
> 4441:4453(12) ack 217 win 16968 <nop,nop,timestamp 145294 55589133> (DF)
> (ttl 116, id 35496, len 64)

Yet another fragment even further ahead in the response..

and it continues like this. Total mess..

> i noticed with ethereal a lot of Dup ACK's, does this mean anything to
> anyone ??

Just a symptom that something is seriously ill with this TCP stream. It is
the least odd thing about this TCP stream..

I would not rule out the firewall just yet...

Regards
Henrik
Received on Wed Oct 26 2005 - 19:17:51 MDT